CISA Warns of Google Chrome Zero-day Vulnerability Exploited in the Wild


Mar 28, 2025 - 05:43

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding a critical zero-day vulnerability in Google Chrome that is actively being exploited in the wild.

The vulnerability, identified as CVE-2025-2783, affects Chromium-based browsers on Windows systems and poses a significant security risk to users and organizations.

CVE-2025-2783 is a high-severity sandbox escape vulnerability in the Chromium Mojo framework, which is used by popular browsers such as Google Chrome, Microsoft Edge, and Opera.

The flaw originates from a logic error that results in an incorrect handle being provided under specific circumstances, allowing attackers to bypass Chrome’s sandbox protections.


Security researchers from Kaspersky discovered the vulnerability being actively exploited in a sophisticated cyber-espionage campaign dubbed “Operation ForumTroll.”


The attackers targeted media outlets, educational institutions, and government organizations in Russia through highly personalized phishing emails.

The exploit chain is particularly dangerous as it requires minimal user interaction. Victims only need to click on a malicious link in a phishing email for the attack to succeed, with no further action required.

Once triggered, the exploit allows attackers to escape the browser’s sandbox and potentially execute arbitrary code on the victim’s system.

Google has responded swiftly to the threat by releasing a patch for Chrome users on Windows. The fix is included in version 134.0.6998.177/.178, which is currently being rolled out globally.

CISA strongly urges all users and organizations to update their Chrome browsers immediately to mitigate the risk.
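As an added example (not from CISA, Google, or the original article), the following Python sketch triages a browser inventory against the fixed Chrome build named above. The inventory format, hostnames, and version values are constructed for illustration; only the 134.0.6998.177 threshold comes from the article, and because it applies to Chrome on Windows, other Chromium-based browsers are flagged for review against their own vendor's fixed version.

```python
"""Added example: triage a browser inventory against the Chrome fix for CVE-2025-2783."""
import csv
import io

# Fixed Chrome build on Windows, as stated in the article (134.0.6998.177/.178).
FIXED_CHROME_WINDOWS = (134, 0, 6998, 177)

# Constructed sample inventory; hostnames and versions are invented for illustration.
SAMPLE_INVENTORY = """host,os,browser,version
ws-001,Windows,Google Chrome,134.0.6998.178
ws-002,Windows,Google Chrome,134.0.6998.118
ws-003,Windows,Google Chrome,133.0.6943.142
ws-004,Windows,Microsoft Edge,134.0.3124.83
mac-01,macOS,Google Chrome,134.0.6998.118
ws-005,Windows,Google Chrome,unknown
"""


def parse_version(text):
    """Return a 4-part version as a tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(row):
    """Classify one inventory row as PATCHED, VULNERABLE, OUT_OF_SCOPE or REVIEW."""
    if row["os"].strip().lower() != "windows":
        return "OUT_OF_SCOPE"   # the article describes the flaw on Windows only
    if row["browser"].strip().lower() != "google chrome":
        return "REVIEW"         # other Chromium browsers use their own version numbers
    version = parse_version(row["version"])
    if version is None:
        return "REVIEW"         # unparseable version: check the host by hand
    # Tuple comparison is numeric per component, so 6998.99 sorts below 6998.177.
    return "PATCHED" if version >= FIXED_CHROME_WINDOWS else "VULNERABLE"


def triage(inventory_csv):
    """Map each host in the CSV inventory to its classification."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row) for row in reader}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Comparing versions as integer tuples rather than strings matters here: a plain string comparison would rank "134.0.6998.99" above "134.0.6998.177" and report an unpatched host as safe.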

While the full extent of the exploitation is still under investigation, the sophistication of the attacks suggests the involvement of a state-sponsored Advanced Persistent Threat (APT) group.

The primary goal of the campaign appears to be espionage, highlighting the potential national security implications of this vulnerability.

CISA recommends the following actions for individuals and organizations:

  1. Update Google Chrome and other Chromium-based browsers to the latest version immediately.
  2. Enable automatic updates for browsers to ensure prompt installation of future security patches.
  3. Implement robust phishing awareness training for employees to help identify and avoid suspicious links.
  4. Consider deploying advanced security tools such as SIEM (Security Information and Event Management) solutions to enhance threat detection and response capabilities.

For federal agencies, CISA emphasizes adherence to Binding Operational Directive (BOD) 22-01, which provides specific guidance for addressing known exploited vulnerabilities in cloud services.

As the situation continues to evolve, CISA will provide updates and additional guidance as necessary. The agency also reminds users and organizations to remain vigilant and report any suspicious activities or potential compromises to the relevant authorities.


The post CISA Warns of Google Chrome Zero-day Vulnerability Exploited in the Wild appeared first on Cyber Security News.